You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With this option, You can incorporate [Managed certificates]({{< relref "/nginx-one/how-to/certificates/manage-certificates.md#managed-and-unmanaged-certificates" >}}).
6
+
In the **Choose Certificate** drop-down, select the managed certificate of your choice, and select **Add**. You can then:
7
+
8
+
1. Review details of the certificate. The next steps depend on whether the certificate is a CA bundle or a certificate / key pair.
9
+
1. Enter the **Certificate File Path**, such as `/etc/ssl/nginx/mycert.crt` or `/etc/ssl/nginx/mycert.pem`.
10
+
1. If you selected a key pair, you'll also enter the **Key File Path**, such as `/etc/ssl/nginx/mycert.key`.
11
+
1. If you select **Add Item**, you can add the same certificate or key to another directory.
12
+
1. Select **Add**. You should now be returned to the **Edit Configuration** window.
13
+
You should now see the files you specified in the directory tree.
14
+
1. Select **Next** and then **Save and Publish**.
15
+
You may see a message that suggests publication is in progress.
16
+
1. When publication is complete, you're taken back to the **Configuration** tab. You should see the updated configuration in the window.
Copy file name to clipboardExpand all lines: content/includes/nginx-one/add-file/new-ssl-bundle.md
+17-1Lines changed: 17 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,23 @@ You can add certificates in the following formats:
11
11
-**SSL Certificate and Key**
12
12
-**CA Certificate Bundle**
13
13
14
-
In each case, you can upload files directly, or enter the content of the certificates in a text box. Once you upload these certificates, you'll see:
14
+
In each case, you can upload files directly, or enter the content of the certificates in a text box. Once you upload these certificates, you may need to scroll down. You'll see:
15
15
16
16
-**Certificate Details**, with the Subject Name, start and end dates.
17
17
-**Key Details**, with the encryption key size and algorithm, such as RSA
18
+
19
+
Select **Save and Continue**. You're taken to another screen where you can specify the locations for your files, which may be:
20
+
21
+
-**Certificate File Path**
22
+
- Enter the full path to your certificate, such as
23
+
- /etc/ssl/nginx/server.crt
24
+
- /etc/ssl/nginx/server.pem
25
+
26
+
-**Key File Path**
27
+
- Enter the full path to your certificate key, such as
28
+
- /etc/ssl/nginx/server.key
29
+
- If you're using a `.pem` file, you won't have a separate key.
30
+
31
+
With the **Add Item** button, you can add the file to additional directories.
32
+
33
+
When complete, select **Add** to include the certificate files that you've configured to desired directories.
| Website traffic | /etc/nginx/ssl/example.com.crt <br> /etc/nginx/ssl/example.com.key | Typically purchased from a Certificate Authority (CA). |
22
-
| Repository access | /etc/ssl/nginx/nginx-repo.crt <br> /etc/ssl/nginx/nginx-repo.key | Supports access to repositories to download and install NGINX packages. |
23
-
| NGINX Licensing | /etc/ssl/nginx/server.crt <br> /etc/ssl/nginx/server.key | Supports access to repositories. Based on licenses downloaded from https://my.f5.com/. Time limited. |
22
+
| Website traffic | /etc/nginx/ssl/example.com.crt <br> /etc/nginx/ssl/example.com.key | Typically purchased from a Certificate Authority (CA) |
23
+
| Repository access | /etc/ssl/nginx/nginx-repo.crt <br> /etc/ssl/nginx/nginx-repo.key | Supports access to repositories to download and install NGINX packages |
24
+
| NGINX Licensing | /etc/ssl/nginx/server.crt <br> /etc/ssl/nginx/server.key | Supports access to repositories. Based on licenses downloaded from https://my.f5.com/|
25
+
{{</bootstrap-table>}}
24
26
25
27
Allowed directories depend on the [NGINX Agent]({{< relref "/nginx-one/getting-started/#install-nginx-agent" >}}). Look for the `/etc/nginx-agent/nginx-agent.conf` file.
26
28
Find the `config_dirs` parameter in that file, as described in the NGINX Agent [Basic configuration](https://docs.nginx.com/nginx-agent/configuration/configuration-overview/#cli-flags--environment-variables).
@@ -65,7 +67,18 @@ The NGINX One Console allows you to upload these certificates as text and as fil
65
67
Make sure your certificates, keys, and pem files are encrypted to one of the following standards:
66
68
67
69
- RSA
68
-
- ECDSA
70
+
- ECC/ECDSA
71
+
72
+
In other words, any private key of this type should be supported, regardless of the curve types or hashing algorithm.
73
+
74
+
For exmaple, if you use ECDSA private keys in PEM format, the PEM headers should contain:
75
+
76
+
```
77
+
-----BEGIN EC PRIVATE KEY-----
78
+
<...base64-encoded key>
79
+
-----END EC PRIVATE KEY-----
80
+
81
+
```
69
82
70
83
If you use one of these keys, the US National Institute of Standards and Technology, in [Publication 800-57 Part 3 (PDF)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf), recommends a key size of at least
Copy file name to clipboardExpand all lines: content/nginx-one/how-to/config-sync-groups/add-file-csg.md
+2-11Lines changed: 2 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ doctypes:
4
4
- task
5
5
tags:
6
6
- docs
7
-
title: Add a file in a Config Sync Group
7
+
title: Add a file to a Config Sync Group
8
8
toc: true
9
9
weight: 400
10
10
---
@@ -60,17 +60,8 @@ Enter the name of the desired configuration file, such as `abc.conf` and select
60
60
61
61
### Existing SSL Certificate or CA Bundle
62
62
63
+
{{< include "nginx-one/add-file/existing-ssl-bundle.md" >}}
63
64
With this option, You can incorporate [Managed certificates]({{< relref "/nginx-one/how-to/certificates/manage-certificates.md#managed-and-unmanaged-certificates" >}}).
64
-
In the **Choose Certificate** drop-down, select the managed certificate of your choice, and select **Add**. You can then:
65
-
66
-
1. Review details of the certificate. The next steps depend on whether the certificate is a CA bundle or a certificate / key pair.
67
-
1. Enter the **Certificate File Path**, such as `/etc/ssl/nginx/mycert.crt`.
68
-
1. If you selected a key pair, you'll also enter the **Key File Path**, such as `/etc/ssl/nginx/mycert.key`.
69
-
1. Select **Add**. You should now be returned to the **Edit Configuration** window.
70
-
You should now see the files you specified in the directory tree.
71
-
1. Select **Next** and then **Save and Publish**.
72
-
You may see a message that suggests publication is in progress.
73
-
1. When publication is complete, you're taken back to the **Configuration** tab. You should see the updated configuration in the window.
Copy file name to clipboardExpand all lines: content/nginx-one/how-to/nginx-configs/add-file.md
+1-12Lines changed: 1 addition & 12 deletions
Original file line number
Diff line number
Diff line change
@@ -61,18 +61,7 @@ Enter the name of the desired configuration file, such as `abc.conf` and select
61
61
62
62
### Existing SSL Certificate or CA Bundle
63
63
64
-
With this option, You can incorporate [Managed certificates]({{< relref "/nginx-one/how-to/certificates/manage-certificates.md#managed-and-unmanaged-certificates" >}}).
65
-
In the **Choose Certificate** drop-down, select the managed certificate of your choice, and select **Add**. You can then:
66
-
67
-
1. Review details of the certificate. The next steps depend on whether the certificate is a CA bundle or a certificate / key pair.
68
-
1. Enter the **Certificate File Path**, such as `/etc/ssl/nginx/mycert.crt`.
69
-
1. If you selected a key pair, you'll also enter the **Key File Path**, such as `/etc/ssl/nginx/mycert.key`.
70
-
1. Select **Add**. You should now be returned to the **Edit Configuration** window.
71
-
You should now see the files you specified in the directory tree.
72
-
1. Select **Next** and then **Save and Publish**.
73
-
You may see a message that suggests publication is in progress.
74
-
- If the instance is offline, **Save and Publish** does not work.
75
-
1. When publication is complete, you're taken back to the **Configuration** tab. You should see the updated configuration in the window.
64
+
{{< include "nginx-one/add-file/existing-ssl-bundle.md" >}}
0 commit comments